rfcx / arbimon-jobs

Apache License 2.0

Mysql query argument escaping #15

Closed g-i-o- closed 9 years ago

g-i-o- commented 9 years ago

I was training a new model (model type 4) (on the storage_factor branch, commit affcf931c354d50f55760a671e7087ff7bf526a8 ), and I got a mysql error, the error was due to improper escaping of the query parameters:

Traceback (most recent call last):
  File "/home/gio/langdev/gitclones/arbimon2-jobs/lib/a2audio/training_lib.py", line 600, in save_model_to_db
    str(user_id)+" ,"+str(training_set_id)+", "+str(valiId)+" )")
  File "/home/gio/langdev/gitclones/arbimon2-jobs/.env/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
    self.errorhandler(self, exc, value)
  File "/home/gio/langdev/gitclones/arbimon2-jobs/.env/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorclass, errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's test pattern matching model', 4 , 'project_32/models/job_891_7_1.mod' , now() ' at line 1")

We need to make sure query arguments are properly escaped. Leaving them like this is dangerous, because it is a security vulnerability and can expose us to injection attacks. Bobby Tables

In any case: The hunt is on.
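The failure in the traceback and the injection risk the comment raises come from the same root cause: the values are pasted into the SQL text with `str(...) + ","` instead of being passed to the driver as parameters. The example below is an added illustration and is not code from arbimon-jobs. It reproduces the concatenated pattern from the traceback beside the parameterized form, using Python's built-in `sqlite3` as a stand-in so it runs offline (sqlite3 uses `?` placeholders; MySQLdb uses `%s` placeholders with the same `cursor.execute(sql, params)` call). The model name, the injection payload and the table layout are constructed for the demonstration; the model path is the one from the traceback.

```python
import sqlite3

# Constructed sample values. The apostrophe in the name is what broke the
# concatenated query in the traceback ("near 's test pattern matching model'").
MODEL_NAME = "gio's test pattern matching model"
MODEL_TYPE = 4
MODEL_URI = "project_32/models/job_891_7_1.mod"

# Constructed injection payload: closes the string, supplies its own values for
# the remaining columns, and comments out the rest of the original statement.
INJECTED_NAME = "evil', 999, 'stolen') --"


def make_db():
    """In-memory stand-in for the models table (columns are assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE models (name TEXT, model_type INTEGER, uri TEXT)")
    return conn


def insert_concatenated(conn, name, model_type, uri):
    """The pattern from the traceback: values glued into the SQL string.

    Any quote character inside `name` is interpreted as SQL, not as data.
    """
    sql = ("INSERT INTO models (name, model_type, uri) VALUES ('"
           + str(name) + "', " + str(model_type) + ", '" + str(uri) + "')")
    conn.execute(sql)
    conn.commit()


def insert_parameterized(conn, name, model_type, uri):
    """The fix: hand the values to the driver, which quotes them itself.

    With MySQLdb the equivalent statement uses %s placeholders:
        cur.execute("INSERT ... VALUES (%s, %s, %s)", (name, model_type, uri))
    """
    conn.execute("INSERT INTO models (name, model_type, uri) VALUES (?, ?, ?)",
                 (name, model_type, uri))
    conn.commit()


def try_insert(fn, name, model_type=MODEL_TYPE, uri=MODEL_URI):
    """Run one insert strategy on a fresh table.

    Returns (status, rows): status is 'ok' or the sqlite3 error class name,
    rows is whatever ended up in the table.
    """
    conn = make_db()
    try:
        fn(conn, name, model_type, uri)
        status = "ok"
    except sqlite3.Error as exc:
        status = type(exc).__name__
    rows = conn.execute("SELECT name, model_type, uri FROM models").fetchall()
    conn.close()
    return status, rows


def demo():
    """Compare both strategies on the apostrophe name and on the injection payload."""
    return {
        "concat_apostrophe": try_insert(insert_concatenated, MODEL_NAME),
        "param_apostrophe": try_insert(insert_parameterized, MODEL_NAME),
        "concat_injected": try_insert(insert_concatenated, INJECTED_NAME),
        "param_injected": try_insert(insert_parameterized, INJECTED_NAME),
    }


if __name__ == "__main__":
    for label, (status, rows) in demo().items():
        print(label, status, rows)
```

The concatenated insert fails on the apostrophe exactly as in the traceback, and on the payload it silently succeeds with attacker-chosen `model_type` and `uri` values. The parameterized insert stores both strings verbatim as the `name` column, with the other columns untouched. Applying the same change to every `str(...) + ","` query in `training_lib.py` removes the need for any hand-written escaping.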